[Samba] SUMMARY: Getent does not get remote users

Andrew Bartlett abartlet at samba.org
Mon Mar 8 11:42:30 GMT 2004 

On Mon, 2004-03-08 at 20:00, Arno Hahma wrote:
> The problem was solved. Thanks to Stefan Günther for help and for 
> providing a working
> smb.conf excerpt, which helped to trace the problem.
> 
> It turned out I had configured samba just right. The problem was, that 
> samba was not
> compiled with ldap -support and winbindd simply did not ask for users 
> from the active directory domain controller. This was due to the fact, 
> that Gentoo Linux ebuild did not enable all the needed modules. All 
> problems disappeared after I recompiled samba-3.0.2a  manually with all 
> the necessary configure --with -switches.

These should be on automatically, if your system has such support, but
it doesn't harm to add them as well.

> The other problem with creating users' home directories was solved as 
> well. It also turned out
> I had configured PAM just right. The key to success is the keyword 
> "obey pam restrictions = yes"
> in smb.conf. If that is not set, samba ignores PAM directives and 
> that's it. Of course, there are
> still other problems like having to set /home permissions to 1777 since 
> PAM is apparently not run
> as root and cannot create home directories, if /home is not world 
> writable. I don't actually like this,

Is this with SSH?  This is an OpenSSH bug/feature.  This pam module
requires root privilages.  Try later OpenSSH versions, they are trying
hard to support this stuff, but their privsep modal (which can be
disabled) makes it hard.

> since local shell users can create files directly on /home, which may 
> or may not be a problem. Also, PAM can only create one level of 
> directories, that is, the base dir must exist before this will work. 
> Thus, if you set "template homedir = /home/%D/%U" in smb.conf, make 
> sure the
> directory %D exists in advance!

Indeed. 

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20040308/5d0658a5/attachment.bin

More information about the samba mailing list